On Aug 1, 2011, at 6:55 PM, Alisha Kloc wrote:
> Unfortunately, we can't make any changes to the HP-UX system, which
> means no cron jobs, no clearing logs, etc. All we're allowed to touch
> is OSSEC agent stuff. Within that, I have some flexibility if I use
> the process monitor to call a simple shell script, which allows
> consecutive commands like you suggested, but anything beyond that
> isn't allowed.
>
> Sounds like this might not be possible...

What about tmp files? Run last and spit it out to /tmp/lastlog or something. Then have ossec monitor that file. Any changes should pop out with check_diff.

Or, if you can't do it locally on the hp-ux server, write a script on the ossec manager that logs into the hp-ux machine, runs last, and stores that locally on the ossec manager. Then just monitor that log.

> -Alisha

---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
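One way to wire up the check_diff idea from the reply above using only OSSEC agent and manager configuration, so nothing else on the HP-UX host is touched. This is an added example, not configuration posted in the thread; the rule id 100100, the 600-second frequency and the alert level are assumed values, and it runs `last` through the agent's command monitor instead of going through a temp file.

```xml
<!-- Agent side: ossec.conf on the HP-UX agent.
     full_command sends the whole output of the command as one event,
     which is what check_diff needs in order to compare runs. -->
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>last</command>
    <!-- Assumed interval: run at most once every 600 seconds. -->
    <frequency>600</frequency>
  </localfile>
</ossec_config>

<!-- Manager side: local_rules.xml.
     Rule 530 is the stock parent for "ossec: output:" command events.
     check_diff stores the previous output and fires only when the
     new output differs from it. -->
<group name="local,process_monitor,">
  <!-- 100100 is an assumed id in the range reserved for local rules. -->
  <rule id="100100" level="7">
    <if_sid>530</if_sid>
    <match>ossec: output: 'last'</match>
    <check_diff />
    <description>Output of 'last' changed on the monitored host.</description>
  </rule>
</group>
```

The rule fires on any change to the `last` output, so a wtmp rotation on the host produces an alert as well as a new login record.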
